<?php
include 'su_log.php';
include '../inc/d.php';
if (isset($_POST['passwd'])) {
    if (empty(trim($_POST['passwd']))) {
        echo '原密码不能为空';
    } elseif (empty(trim($_POST['passwd2']))) {
        echo '新密码不能为空';
    } elseif (empty(trim($_POST['passwd3']))) {
        echo '确认新密码不能为空';
    } elseif (empty(trim($_POST['passwd2'])) != empty(trim($_POST['passwd3']))) {
        echo '两次密码不一致';
    } elseif (empty(trim($_POST['passwd2'])) != empty(trim($_POST['passwd']))) {
        echo '新旧密码不能一致';
    } else {
        $account = $_SESSION['su'];
        $mm = mm($_POST['passwd'], $account);
        if (exists('hw_su', "su_account='$account' and su_passwd='$mm'")) {
            $arr_assoc['su_passwd'] = mm($_POST['passwd2'], $account);
            updateByWhere('hw_su', $arr_assoc, "su_account=$account");
            echo '密码修改完成，请重新登录';
            session_destroy();
            header('refresh:3;url=su_login.php');
        } else {
            echo '原密码错误，无法修改';
        }
    }
}
?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>admin</title>
</head>
<body>
<h3>修改管理员：<?= $_SESSION['su'] ?> 密码</h3>
<form action="" method="post">
    原密码：<input type="password" name="passwd"><br>
    新密码: <input type="password" name="passwd2"><br>
    确认密码：<input type="password" name="passwd3"><br>
    <input type="submit" value="提交">
</form>
</body>
</html>

